Introduction

To understand ICS/SCADA networks and how various components communicate with each other, we need to understand the underlying protocols that are being used by these systems. “Protocol” means how two or more than two systems will talk/communicate with each other.

Every protocol has been designed specifically for a particular need and serves its own purpose. Some protocols have been designed for efficiency, reliability and for operational and economic requirements, while others have been designed for real-time operations for precision and accuracy. To further complicate this, many of these protocols have been designed and modified to run over IP/Ethernet to support modern systems and bridge the gap for establishing communication between legacy and modern systems.

Open vs. proprietary protocols

Depending on the need and usage, protocols are usually designed by companies/organizations for serving a particular purpose. Some of the protocols are open-source and can be used by anyone for integrating into their own product, while some protocols are restricted and cannot be used. Protocols which cannot be used by anyone are the ones usually designed by manufacturers for usage with their own products only.

This means we have two categories of protocols. They are:

  1. Proprietary protocols: Proprietary protocols are the ones designed and made by a single organization. They are not open-source or free to use for anyone. Thus, proprietary protocol gives the owner to change the protocol design and implementation and enforce restrictions on the usage. Owners usually enforce restrictions through patents rights and trade secrets and do not disclose the technical information behind the protocol.
  2. Open-source/standard protocols: Open-source protocols are free to use by anyone. They are usually designed and developed by organizations like IEEE/IETF or as a joint effort by many organizations. Open-source protocols offer following advantage over proprietary protocols:
    1. Free to use by anyone
    2. Can be modified and deployed as needed
    3. Scalability and reduced cost of implementation
    4. Freedom to select any protocol that matches their technical and financial needs
    5. Freedom to integrate multiple vendor products in their system
    6. No annual fees and hidden costs
    7. Ease of migration

Lists of industrial systems protocols

Following are the lists of commonly used protocols used for power system automation, building automation, process automation, industrial control system and power system automation.

  1. Process automation protocols
CIP ControlNet DNP3 Ethernet/IP HART
Foundation Fieldbus Modbus (all variants) Profibus PROFINET Honeywell SDS

 

  1. Industrial control system protocols
MTConnect OPC UA OPC OMG DDS

 

  1. Building automation protocols
BACnet Z-Wave ZigBee LonTalk DALI Dynet Modbus

 

  1. Power system automation protocols
DNP3 IEC 60870-5 IEC 61850 IEC 62351

 

  1. Meter reading protocols
OMS Zigbee Smart Energy M-bus ANSI C12.18

 

  1. Automation/vehicle protocol
CAN (Controller Area Network) VAN (Vehicle Area Network) FlexRay UAVCAN IEBus

 

Though the above lists are not comprehensive lists of protocols used, the above mentioned protocols are majorly used in industrial network and ICS systems.

Security state of open and proprietary protocols

As the nature and ownership of open-source and proprietary protocols are different, so is the security state. Open-source protocols are typically considered more secure and safer than proprietary protocols.

This is due to certain factors like:

  1. Contribution: Large numbers of people/organizations contribute in open-source protocol design and development, as compared to proprietary-based ones. Thus, a large number of people contribute in secure design and implementation in open-source protocols as compared to proprietary-based ones, making open-source protocols more safe and secure.
  2. Technology: Open-source protocols make use of open-source software for implementation. Proprietary protocols make use of their own ones. Thus, open-source protocols are safer, due to the contributions by a large number of people.
  3. Provision for research: It is possible for anyone to do research on open-source protocol and test it for various security parameters, since the code is openly available to do so. This is not the case with proprietary protocols.

Conclusion

Both open and proprietary protocols have their own place in the market. For businesses having financial constraints and looking to cut costs, open-source protocols is the way. For companies looking to design their own product and want to be whole and sole owner, proprietary protocols are the ones for them. Thus, depending on the need and usage, both are needed and companies have options to choose either of them.

 

Sources

  1. Open or proprietary protocols?, Resource Data Management
  2. Open vs. Proprietary Systems: Open Software Standards, Startel
  3. Difference between Proprietary and Standard Protocols, OmniSecu
  4. Industrial Control System, Trend Micro

Be Safe

Section Guide

Nitesh
Malviya

View more articles from Nitesh

As you grow in your cybersecurity career, Infosec Skills is the platform to ensure your skills are scaled to outsmart the latest cyber threats.

Section Guide

Nitesh
Malviya

View more articles from Nitesh